Creating layer 3 link among 6513 CatOs with MSFC (IOS)

May 21st, 2008

As far as I understand, an SVI (switched virtual interface) is the way of creating a Layer 3 (L3) link between switches, with the same VLAN and a /30 block of IP addresses on either side of the link.

Could anybody explain to me how it works, other than as just a Layer 2 trunk link between the switches?

I hope to get a clear picture (concept) of it from you guys.

lamav Wed, 05/21/2008 - 08:17

S:

Before switches started running Native IOS, the CatOS system involved doing what you said.

You have to create a VLAN in layer 2 on the L2 portion of the switch (supervisor), and then create the routed interface (SVI) on the MSFC.

So, if I wanted to connect two (2) CatOS switch ports together on 2 different switches, I would have to simulate a routed interface by placing the switch ports on both sides in the same VLAN and then creating the SVI on each switch.

switch 1 config:

vlan 10

(create vlan for peering)

set vlan 10 3/1

(place switch port in peering vlan)

interface vlan 10

ip address 10.10.10.1 255.255.255.252

(create routed interface)

Then you would do the same on the other side.

With native IOS switches, you could configure an interface as an L3 interface and treat it like a router's interface.

HTH

Victor

subharojdahal Wed, 05/21/2008 - 10:32

Victor

Thanks a lot.

I am getting into more detail on my network. Here I have a question.

Can I create a routed interface VLAN with a block size of 8 and assign each of the 6 available IP addresses to either side of the links that connect A to C, A to D, B to C and B to D?

Does it work?

Victor, let me know if you need more information.

subharoj

lamav Wed, 05/21/2008 - 11:43

Hi:

You're not bugging me at all. I volunteered to help you.

And the answer is absolutely. It's done all the time.

You can create an SVI with a mask of, say, 255.255.255.248 and throw six ports in that VLAN and simulate routed interfaces among them.

It's done all the time. Some people get crazy and assign /24 subnets.....

HTH

Victor

subharojdahal Wed, 05/21/2008 - 12:32

Thanks a lot.

Now the new connections look like:

A<-->C

A<-->D

A<-->B

B<-->C

B<-->D

C<-->D

At that point the switch has multiple routes to D.

As long as I put all connected ports of all switches in the same VLAN (let's say VLAN 3).

Does the STP instance for VLAN 3 come into play and avoid forming a loop? Or is there another way around to fix the layer 2 looping problem?

subharoj

lamav Wed, 05/21/2008 - 12:55

That's a really good question.

The fact that you're creating a VLAN in layer 2 makes it certain that the VLAN will participate in the STP process. However, I'm not sure how it's going to affect your desired topology, though....

Something I need to think about...

Victor

subharojdahal Wed, 05/21/2008 - 13:02

I just wanted to add one more piece of information for your thoughts. Switch D is working as the root bridge for the VLAN 3 that I am going to implement.

Let me know your thoughts.

subharoj

lamav Thu, 05/22/2008 - 06:37

Sorry I took so long to get back. I've been busy...

OK, I mapped out your desired topology and with switch D as the root bridge, switches A and C will have root ports in the forwarding state and 2 designated ports facing B, but one of them will be blocked. The link between D and B will be blocked on one end, too.

If you map it out, you will see that switch B has 2 uplinks, one to switch A and one to switch C. Each of those switches has an uplink to D. And then you have that link going directly from D to B, which will have to get blocked, just like one of B's uplinks.

Each one of those links is acting as an inter-switch-link, and each is carrying the same vlan, hence the redundant paths.

What is your requirement? Why do you want to connect the switches this way?

This is my take on this. Perhaps someone else has a different perspective...

Victor

subharojdahal Thu, 05/22/2008 - 07:44

Thanks a lot, Victor. You deserve a rating.

Well, I am working as a consultant in a big organization. They have a setup like the one I mentioned above. At this time, if one link goes down the whole segment goes down. So, they want me to make it fully redundant with no downtime.

So, I just wanted to add some more links to the switches so that there will be no problem in case one switch goes down. I don't want to hassle with the current configuration. That's why I wanted to add those new links in the same VLAN as the old ones. As EIGRP is enabled already, I don't need to configure it if I choose the same /28 block of IPs for that VLAN.

Last question: other than adding the port to the routing VLAN (that we discussed), if I make it a trunk and allow a couple of VLANs, are there any problems? The reason I want to do this is that they have one VLAN (the device management VLAN) that spans throughout the network.

I really appreciate your help. Thanks a lot for all your replies.

subharoj

Stephen Berk Thu, 05/22/2008 - 09:15

If the switches are set up fully meshed as described, you would have root ports on a, b, and c. The failure of any link would cause spanning tree to recalculate and ports would change their role.

Bigger question is why you want to set up SVIs as you stated. If D is the root and presumably trunked to a layer 3 device, you should only need a /30 network with an SVI on switch D and the other end of the link on the layer 3 device. All the access ports on switches a, b, and c should be vlan 3 and trunks between all switches. There is no need to put a layer 3 interface on each of the switches unless you have multiple vlans and want to keep that routed traffic local to each switch. Think of SVIs as a router module inside a switch. If STP convergence time is a problem with link failures, set up rapid STP, make sure you have access ports configured for portfast, and trunks configured for backbonefast if supported. Check Cisco.com for your model's configuration guide.

lamav Thu, 05/22/2008 - 10:02

Stephen:

The proposed design seems a bit peculiar to me, too. That's why I asked what his requirements are.

I do think that what he wants to achieve is a fully meshed layer 3 design, but his use of SVIs (since he is working with CatOS) will subject the L3 peering vlan to spanning tree calculations and convergence, as opposed to a native IOS switch, where you would make it a layer 3 interface with the "no switchport" command, apply the ip address, and treat it like a regular router interface.

As far as switch C is concerned, the possibility of having 2 root ports would force one of those ports/uplinks to be blocked. That was also one of my concerns.

Victor

subharojdahal Thu, 05/22/2008 - 11:05

Victor and Stephen

Switches A and B are an HSRP pair for more than 20 VLANs, and C and D are also an HSRP pair for more than 30 VLANs. That's why I need an SVI from each of my core switches. I am not allowed to move inter-VLAN routing for the VLANs at A and B over to C and D. That's why I want to create a kind of mesh of SVIs among the switches.

All devices are in a particular management VLAN, so I must allow that VLAN to move freely through all parts of the network. I could isolate the device management VLAN, make it local and let it route through an SVI, but that again would create a whole lot of work and configuration changes.

I understand it seems a little crappy to you guys, and to me as well. But I would say I am just working as a consultant to add link redundancy among those core switches.

So, can I still go with the solution Victor wrote earlier? I know portfast and backbonefast with RAPID-PVST+ will help the network converge considerably faster. At least I hope so?

Anyway, thanks a lot for your thoughts and concern.

lamav Thu, 05/22/2008 - 11:50

OK, so let's take a different approach.

Why did you want to use a /28 subnet to support this full meshed topology? I guess you were just thinking out loud....

Anyway, if you use that approach, you will have a problem with STP, as we discussed.

So, just make each L3 connection a separate /30 subnet and be done with it. STP and blocked ports will no longer be an issue.

So, grab a /24 and break it up.

10.10.10.0/30

10.10.10.4/30

10.10.10.8/30

10.10.10.12/30

etc...

That having been said, it seems like you are describing 2 routed distribution layer clusters - A/B as an HSRP pair, and C/D as another. Is there a core layer? It seems to me that a good way of tying all these switches together is through L3 uplinks to a routed, fast-packet pushing core.

Each switch can be dual-homed to the core switches.

Is this feasible?

Victor
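The per-link /30 plan suggested above, worked through for the six links of the A/B/C/D mesh. This is an added example, not code from any poster in the thread; it assumes one peering VLAN per link, and the VLAN numbers (starting at 10), the pairing order and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def plan_links(block, switches, first_vlan=10):
    """Assign each switch pair its own /30 and its own peering VLAN."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    plan = []
    for vlan, (a, b) in enumerate(combinations(switches, 2), start=first_vlan):
        net = next(subnets, None)
        if net is None:
            raise ValueError(f"{block} has too few /30s for a full mesh")
        low, high = net.hosts()  # a /30 has exactly two usable addresses
        plan.append({"vlan": vlan, "net": net, "ends": {a: low, b: high}})
    return plan

def svi_lines(plan, switch):
    """SVI stanzas for one switch, in the style of the config quoted earlier."""
    lines = []
    for link in plan:
        if switch in link["ends"]:
            lines.append(f"interface vlan {link['vlan']}")
            lines.append(f" ip address {link['ends'][switch]} {link['net'].netmask}")
    return lines

if __name__ == "__main__":
    # Constructed input: the /24 and switch names used in the thread.
    plan = plan_links("10.10.10.0/24", ["A", "B", "C", "D"])
    for link in plan:
        (a, ip_a), (b, ip_b) = link["ends"].items()
        print(f"vlan {link['vlan']}  {link['net']}  {a}={ip_a}  {b}={ip_b}")
    print("\n".join(svi_lines(plan, "D")))
```

Because each VLAN here contains only the two ports of a single link, no VLAN has a redundant layer 2 path, and redundancy is left to the routing protocol.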

subharojdahal Thu, 05/22/2008 - 12:57

My client's network is not designed properly. Actually, the core switches (C, D) are not the kind of switches we often see in a well designed Cisco network with access, distribution and fast switched core layers. Instead, switches C and D are connected to the outside world (PIX, router, VPN concentrator, etc.?); that's why they call it core, and I did the same, LOL.

They have a well defined access layer that terminates each VLAN at the distribution layer with an HSRP configuration. But their distribution and core layers are kind of merged. Out of the four switches, two are connecting to the outside world, switches A and B, a number of other access layers and a number of other servers.

That's what they are, and they want my magic hand to make the so-called core (distribution) segment redundant. And I came here to get the magic hands of you guys so that I could act as a NAT server. LOL.

By the way, from your last name LAMA, I sense some familiarity with one of my friends from Nepal (a country in Asia) named Santosh Lama.

Anyway, thanks a lot for your help.

subharoj

Stephen Berk Thu, 05/22/2008 - 13:18

I agree with Victor. Put /30 addresses on the links and be done with it.

subharojdahal Thu, 05/22/2008 - 13:35

Thanks a lot, Stephen.

Can I add one L2 link at the same time and allow just one VLAN (45), used for device (switch, router, and access point) management?

Just to make sure: all ports connecting SVI links (L3) are not trunk ports, are they?

What happens if I make it a trunk port and only allow VLAN 45 (the device management VLAN)?

Is there any other way to span the device management VLAN across the whole network?

Stephen Berk Fri, 05/23/2008 - 06:39

I'm not familiar enough with CatOS to speak intelligently about this, and without an accurate network diagram, I feel like I'm shooting in the dark with any suggestions. Your best bet is to spend a few long days learning about trunking and SVIs.

The simple answer is, SVIs are virtual layer 3 interfaces. You trunk between them. Good luck.

subharojdahal Fri, 05/23/2008 - 06:47

I will definitely be spending days on it.

But I am seeing that this weekend won't be that long for me. Anyway guys, you enjoy your LONG weekend.

Thanks a lot
